DivestOS/Patches/Linux_CVEs/CVE-2017-0516/ANY/0001.patch

From 0dba52cf7955306c71fb76d16437d848c953e462 Mon Sep 17 00:00:00 2001
From: Vevek Venkatesan <vevekv@codeaurora.org>
Date: Fri, 23 Dec 2016 11:34:32 +0530
Subject: input: misc: fix heap overflow issue in hbtp_input.c

Add the boundary check for ABS code before setting ABS params,
to avoid heap overflow.

Change-Id: I6aad9916c92d2f775632406374dbb803063148de
Signed-off-by: Vevek Venkatesan <vevekv@codeaurora.org>
---
 drivers/input/misc/hbtp_input.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/input/misc/hbtp_input.c b/drivers/input/misc/hbtp_input.c
index 4c0e9a9..e80afcf 100644
--- a/drivers/input/misc/hbtp_input.c
+++ b/drivers/input/misc/hbtp_input.c
@@ -130,9 +130,13 @@ static int hbtp_input_create_input_dev(struct hbtp_input_absinfo *absinfo)
 	input_mt_init_slots(input_dev, HBTP_MAX_FINGER, 0);
 	for (i = 0; i <= ABS_MT_LAST - ABS_MT_FIRST; i++) {
 		abs = absinfo + i;
-		if (abs->active)
-			input_set_abs_params(input_dev, abs->code,
+		if (abs->active) {
+			if (abs->code >= 0 && abs->code < ABS_CNT)
+				input_set_abs_params(input_dev, abs->code,
 					abs->minimum, abs->maximum, 0, 0);
+			else
+				pr_err("%s: ABS code out of bound\n", __func__);
+		}
 	}
 
 	error = input_register_device(input_dev);
-- 
cgit v1.1